How can I construct an MLModelAsset using data from an in-memory representation?

I’m developing a macOS app that uses a proprietary Core ML model, which I need to encrypt. Since Core ML doesn’t support model encryption on macOS, I plan to encrypt the model myself using a symmetric key and decrypt it at runtime. To minimize the possibility of the model being compromised, I’d like to ensure that the decrypted model is only accessible in-memory, not on-disk. So my app will load the encrypted data, decrypt it with CryptoKit, construct an MLModelAsset with the decrypted data, and load that with MLModel.load(MLModelAsset...).

The part I’m stuck on is constructing the MLModelAsset. It only has one initializer method: init(specification: Data), where specification is described as “[t]he contents of a .mlmodel as a data blob.” My model is in the .mlpackage format, which is a macOS package (i.e. a directory, not a blob). Attempting to initialize MLModelAsset with the (unencrypted) .mlmodel file stored inside the .mlpackage (under “Data/com.apple.CoreML/model.mlmodel”) throws an error:

testLoadingPlainTextModel(): failed: caught error: "Error Domain=com.apple.CoreML Code=0 "compiler error:  Encountered an error while compiling a neural network model: in operation op_7_to_fp16: Cannot interpret @model_path when ModelPath is unset" UserInfo={NSLocalizedDescription=compiler error:  Encountered an error while compiling a neural network model: in operation op_7_to_fp16: Cannot interpret @model_path when ModelPath is unset}"

Since .mlpackage stores the model architecture and the weights in separate files, this isn’t unexpected. But I have no idea how to load the .mlpackage (or the corresponding .mlmodelc) as a blob, since they’re both directories and Data(contentsOf:) throws an error if you try to load them.

(Note: I’m testing all this without any encryption for the time being—neither the .mlpackage nor the .mlmodelc is encrypted in my test project.)

What am I doing wrong? Is there any way to load an .mlpackage or .mlmodelc package as a blob, for instantiating MLModelAsset? Or is there a different/better way to encrypt Core ML models on macOS?

Thanks!

Replies

Update: I reconverted my model from PyTorch to the .mlmodel format (i.e. a neural network rather than an ML program). I loaded that as a Data object and used it to construct an MLModelAsset without errors.

So a simpler form of my question would be: is it possible to create an MLModelAsset using data from the newer ML program format? And if so, how do I go about loading the .mlpackage data — given that it’s a directory and not a single file?
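
The flow described in this thread, for the single-file .mlmodel (neural network) case that the update reports as working, written out as an added example that is not code from any poster or from Apple. The names `sealModel`, `loadEncryptedModel` and `ModelLoadError` are hypothetical, AES-GCM is an assumed choice of cipher, and how the key reaches the app is out of scope; the ML program (.mlpackage) case asked about above is not covered.

```swift
import CoreML
import CryptoKit
import Foundation

enum ModelLoadError: Error {
    case malformedCiphertext   // blob is not nonce || ciphertext || tag
    case authenticationFailed  // wrong key, or the blob was modified
}

/// Build-time step: seal a plain .mlmodel file with AES-GCM.
/// Returns nonce || ciphertext || tag, which is what ships with the app.
func sealModel(at url: URL, using key: SymmetricKey) throws -> Data {
    let plaintext = try Data(contentsOf: url)
    let box = try AES.GCM.seal(plaintext, using: key)
    // `combined` is nil only for a non-default nonce size; seal() uses 12 bytes.
    guard let combined = box.combined else { throw ModelLoadError.malformedCiphertext }
    return combined
}

/// Runtime step: decrypt into memory and pass the bytes straight to Core ML.
/// This function never writes the decrypted specification to a file.
@available(macOS 13.0, *)
func loadEncryptedModel(ciphertext: Data, key: SymmetricKey) async throws -> MLModel {
    let box: AES.GCM.SealedBox
    do {
        box = try AES.GCM.SealedBox(combined: ciphertext)
    } catch {
        throw ModelLoadError.malformedCiphertext
    }

    let specification: Data
    do {
        // open() verifies the GCM tag before returning any plaintext.
        specification = try AES.GCM.open(box, using: key)
    } catch CryptoKitError.authenticationFailure {
        throw ModelLoadError.authenticationFailed
    }

    // init(specification:) expects the contents of a .mlmodel as a data blob.
    let asset = try MLModelAsset(specification: specification)
    return try await MLModel.load(asset: asset, configuration: MLModelConfiguration())
}
```

Because GCM authenticates the blob, a tampered or swapped model file fails at `AES.GCM.open` rather than reaching the Core ML compiler.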

Hi @palomar, did you ever resolve this issue or find a viable alternative?